In this page I describe how to install a full-featured web server on a router (Asus RT-AC56U)
- we use some Entware packages, so please
refer to this page on how to install Entware on a router.
We will use the "Lighttpd"
web server, an alternative to Apache, the most used web server in Linux
environments. Logically I will provide with a brief overview of features of this web server, just
helping to install it and configure it. This web server is really a
full-featured web server, so I suggest to refer to the its
wiki page for further details and additional features. For a better understanding, I
will divide this page into several step-after-step sections.
In order to install the Lighttpd web server, we have to execute the following steps:
Please refer to Lighttpd's website for further details about configuration file options.
Normally the Lighttpd web server is executed as a
full-privilege user ("root" or "admin"). I really discourage to do it due to
security reasons. In most of the routers a safer low-privilege user is included,
it is called "nobody", under group "nobody". This user is included
in file "/etc/passwd", together with all other users of the router.
In order to run Lighttpd web server as "nobody" user, we have to
execute the following steps:
To check if Lighttpd is running as "nobody" user, we
use the following command line:
ps | grep -i lighttpd
The second column ("USER") should be "nobody".
NOTE : remember that, whenever you add a file into
root web folder "/opt/share/www/lighttpd/", you have to set the owner of the
new file to "nobody:nobody", using the command "chown" -
you may even use
the following command line:
chown -R nobody:nobody /opt/share/www/lighttpd/
Normally the Lighttpd web server does not allow the
directory listing due to security reasons, so we need to have at least one index
file ("index.php", "index.html", "index.htm", "default.htm") in each folder of
the web server, otherwise the web server returns the error "403 - forbidden". To
avoid this error, we need to enable directory listing, in order to make web
server show a list of all files included in each web folder.
In order to enable directory listing in Lighttpd web server, we have to
execute the following steps:
To check if Lighttpd web server shows a list of files included in each web folder, we rename all index files so to keep the web folder without index files (so to have the web folder without any of files "index.php", "index.html", "index.htm", "default.htm"). If we open the browser and we input the address of the web server, now the web server should show a list of files included in a web folder, instead of error "403 - forbidden".
Please refer to Lighttpd's website for further details about directory listing.
Normally the Lighttpd web server allows all users to
access to web server without any kind of authentication. Due to security reasons,
in this section we try to enable the user authentication in this web server.
In order to enable user authentication in Lighttpd web server, we have to
execute the following steps:
auth.backend = "htpasswd" auth.backend.htpasswd.userfile = "/opt/share/www/lighttpd/.htpasswd" auth.require = ( "/" => ( "method" => "basic", "realm" => "Please enter your Password.", "require" => "valid-user" ), )
Now the Lighttpd web server, if we open the browser and we input the web address of the web server, should show a window requesting the user name and the password to access to the web server.
Please refer to Lighttpd's website for further details about authentication.
This is an optional section reserved to the users that want
to enable the PHP interpreter on Lighttpd web server. This section uses the
newest PHP7 Entware's packages instead of the older PHP5 packages. Due to the large
amounts of features and functions of PHP interpreter, please refer to
PHP manual.
In order to enable PHP interpreter in Lighttpd web server, we have to
execute the following steps:
post_max_size = 500M display_errors = Off error_log = /opt/var/log/php_errors.log output_buffering = Off ; Resource Limits max_execution_time = 30 ; Maximum execution time of each script, in seconds. max_input_time = 60 ; Maximum amount of time each script may spend parsing request data. ;max_input_nesting_level = 64 memory_limit = 32M ; Maximum amount of memory a script may consume. ; Paths and Directories ;doc_root = "/opt/share/www/lighttpd" ;user_dir = extension_dir = "/opt/lib/php" enable_dl = On ;cgi.force_redirect = 1 ;cgi.nph = 1 ;cgi.redirect_status_env = ; cgi.fix_pathinfo=1 ; File Uploads file_uploads = On upload_tmp_dir = "/opt/tmp" upload_max_filesize = 500M max_file_uploads = 50
fastcgi.server = ( ".php" => ( "localhost" => ( "socket" => "/tmp/php-fcgi.sock", "bin-path" => "/opt/bin/php-cgi", "max-procs" => 1, "broken-scriptfilename" => "enable", "bin-environment" => ( "PHP_FCGI_CHILDREN" => "1", "PHP_FCGI_MAX_REQUESTS" => "1000" ) ) ) )
<?php phpinfo(); ?>
Remember to install the "php7-mod-*" Entware's
packages as per your needs, you can get a list of available packages with
following command:
opkg list | grep -i php7-mod
Please refer to Lighttpd's website for further details about FastCGI.